Who owns customer identity? 2024-04-18 at 07:31 By Help Net Security When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to organization. From my experience, […]
React to this headline:
Who owns customer identity? Read More »
EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) 2024-04-09 at 07:32 By Mirko Zorz EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI. With its extensive history as one of the longest-standing CA software projects, EJBCA offers proven robustness, reliability, and
React to this headline:
EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) Read More »
Strategies for secure identity management in hybrid environments 2024-04-09 at 07:02 By Mirko Zorz In this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. She emphasizes balancing and adopting comprehensive security controls, including cloud SSO and MFA technologies, to unify
React to this headline:
Strategies for secure identity management in hybrid environments Read More »
How Google plans to make stolen session cookies worthless for attackers 2024-04-03 at 08:31 By Zeljka Zorz Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access user accounts. Session (i.e., authentication) cookies are stored by browsers
React to this headline:
How Google plans to make stolen session cookies worthless for attackers Read More »
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) 2024-03-27 at 13:16 By Zeljka Zorz Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo
React to this headline:
How security leaders can ease healthcare workers’ EHR-related burnout 2024-03-27 at 08:05 By Help Net Security Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about – unless, maybe, it is the security team itself that is suffering from it. Healthcare CISOs and privacy officers worry more about the confidentiality
React to this headline:
How security leaders can ease healthcare workers’ EHR-related burnout Read More »
What do Bitcoin’s all-time highs mean for crypto industry expectations in 2024? 2024-03-08 at 16:10 By Cointelegraph by Ray Salmond We’re in a bull market. Now what? Jonathan and Ray share their thoughts, ideas and expectations for the crypto market in 2024. This article is an excerpt from Cointelegraph.com News View Original Source React to
React to this headline:
What do Bitcoin’s all-time highs mean for crypto industry expectations in 2024? Read More »
Leveraging AI and automation for enhanced cloud communication security 2024-03-08 at 07:32 By Mirko Zorz In this Help Net Security interview, Sanjay Macwan, CIO and CISO at Vonage, addresses emerging threats to cloud communications and the role of AI and automation in cybersecurity. What emerging threats to cloud communications are you most concerned about, and
React to this headline:
Leveraging AI and automation for enhanced cloud communication security Read More »
Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes 2024-03-05 at 12:47 By Zeljka Zorz A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain
React to this headline:
Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes Read More »
How organizations can navigate identity security risks in 2024 2024-02-29 at 07:34 By Mirko Zorz Managing IAM challenges in hybrid IT environments requires a holistic approach, integrating solutions and automating processes to ensure effective access controls and operational efficiency. In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks
React to this headline:
How organizations can navigate identity security risks in 2024 Read More »
Using AI to reduce false positives in secrets scanners 2024-02-27 at 08:02 By Help Net Security As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication. These tokens are the glue that keeps any
React to this headline:
Using AI to reduce false positives in secrets scanners Read More »
TruffleHog: Open-source solution for scanning secrets 2024-02-21 at 07:31 By Mirko Zorz TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets. My hunch was
React to this headline:
TruffleHog: Open-source solution for scanning secrets Read More »
How decentralized identity is shaping the future of data protection 2024-02-20 at 07:32 By Mirko Zorz In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity (DCI) in cybersecurity. By redistributing identity management responsibilities among issuers, holders, and verifiers, DCI empowers individuals to selectively
React to this headline:
How decentralized identity is shaping the future of data protection Read More »
Why identity fraud costs organizations millions 2024-02-20 at 07:01 By Help Net Security 92% of respondents to a recent report shared that their organization had been a victim of identity fraud, costing an average of $4.3 million over the last 12 months. Even so, only 40% stated identity verification as a top identity challenge, noting
React to this headline:
Why identity fraud costs organizations millions Read More »
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge 2024-02-16 at 08:01 By Help Net Security The essence of cybersecurity is not just about defense but enabling business through trust and reliability. As Gmail and Yahoo take steps to enforce stricter email authentication, organizations that are proactive in their DMARC compliance will
React to this headline:
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge Read More »
Zero trust implementation: Plan, then execute, one step at a time 2024-02-01 at 08:02 By Helga Labus 82% of cybersecurity professionals have been working on implementing zero trust last year, and 16% should be on it by the end of this year. The challenges of zero trust implementation You’ve probably heard it before: zero trust
React to this headline:
Zero trust implementation: Plan, then execute, one step at a time Read More »
Great security or great UX? Both, please 2024-01-30 at 08:02 By Help Net Security A new user is signing up for a SaaS application. On the one hand, UX teams want that user to get into the app as quickly as possible. On the other hand, security teams want the user to strongly validate their
React to this headline:
Great security or great UX? Both, please Read More »
Attackers can steal NTLM password hashes via calendar invites 2024-01-22 at 15:46 By Zeljka Zorz A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has
React to this headline:
Attackers can steal NTLM password hashes via calendar invites Read More »
Out with the old and in with the improved: MFA needs a revamp 2024-01-19 at 08:02 By Help Net Security From AI to ZTA (zero-trust architecture), the technology responsible for protecting your company’s data has evolved immensely. Despite the advances, cybercriminals repeatedly find new and creative ways to gain access to sensitive information. This can
React to this headline:
Out with the old and in with the improved: MFA needs a revamp Read More »
Digital nomads amplify identity fraud risks 2024-01-19 at 06:31 By Help Net Security The number of foreign document verification cases in all parts of the world has grown by an average of 21% since the summer of 2021, according to Regula. It’s even higher in the US and UAE: these countries are experiencing a 25%
React to this headline:
Digital nomads amplify identity fraud risks Read More »